J2 EFS internal mechanism
Each J2 EFS-activated file is associated with a special extended attribute which contains EFS meta-data used to validate crypto authority and information used to encrypt and decrypt files (keys, crypto algorithm, etc).
The EA content is opaque for J2. Both user credentials and EFS meta-data are required to determine a crypto authority (access control) for any given EFS-activated file.
Note: Special attention should be given to situations where a file or data
may be lost (for example, removal of the file's EA).